Re: [OAUTH-WG] Hi,any comment on draft-zhou-oauth-owner-auth?

zhou.sujing@zte.com.cn Mon, 03 December 2012 09:02 UTC

Return-Path: <zhou.sujing@zte.com.cn>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C99AD21F865F for <oauth@ietfa.amsl.com>; Mon, 3 Dec 2012 01:02:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -97.195
X-Spam-Level:
X-Spam-Status: No, score=-97.195 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, J_CHICKENPOX_23=0.6, J_CHICKENPOX_48=0.6, MIME_BASE64_TEXT=1.753, MIME_CHARSET_FARAWAY=2.45, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aVSOiXhkY-9o for <oauth@ietfa.amsl.com>; Mon, 3 Dec 2012 01:02:31 -0800 (PST)
Received: from zte.com.cn (mx6.zte.com.cn [95.130.199.165]) by ietfa.amsl.com (Postfix) with ESMTP id B6D1121F861C for <oauth@ietf.org>; Mon, 3 Dec 2012 01:02:24 -0800 (PST)
Received: from zte.com.cn (unknown [192.168.168.119]) by Websense Email Security Gateway with ESMTP id DD5147BA48 for <oauth@ietf.org>; Mon, 3 Dec 2012 17:02:15 +0800 (CST)
Received: from mse01.zte.com.cn (unknown [10.30.3.20]) by Websense Email Security Gateway with ESMTPS id 8DFE1714400; Mon, 3 Dec 2012 17:00:27 +0800 (CST)
Received: from notes_smtp.zte.com.cn ([10.30.1.239]) by mse01.zte.com.cn with ESMTP id qB391wFS080003; Mon, 3 Dec 2012 17:01:58 +0800 (GMT-8) (envelope-from zhou.sujing@zte.com.cn)
In-Reply-To: <OF188B5B5D.67CBAE2A-ON48257AC9.002D49B8-48257AC9.002DBB1A@LocalDomain>
To: zhou.sujing@zte.com.cn
MIME-Version: 1.0
X-Mailer: Lotus Notes Release 6.5.6 March 06, 2007
Message-ID: <OFCD6AA15E.4689E568-ON48257AC9.00314DF8-48257AC9.0031BB02@zte.com.cn>
From: zhou.sujing@zte.com.cn
Date: Mon, 03 Dec 2012 17:01:57 +0800
X-MIMETrack: Serialize by Router on notes_smtp/zte_ltd(Release 8.5.3FP1 HF212|May 23, 2012) at 2012-12-03 17:01:58, Serialize complete at 2012-12-03 17:01:58
Content-Type: multipart/alternative; boundary="=_alternative 0031BB0248257AC9_="
X-MAIL: mse01.zte.com.cn qB391wFS080003
Cc: "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Hi,any comment on draft-zhou-oauth-owner-auth?
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 03 Dec 2012 09:02:35 -0000

And another difference is my use case could be that the "assertion" is 
generated sequentially by the resource owner and the client.
For example, the resource owner delegates a client to generate a signature on 
its behalf; the client generates a signature using its own private key,
which is called a proxy signature in cryptography. 
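The two-step "assertion" described above (the resource owner signs a delegation statement naming the client, and the client then signs the actual request with its own key) can be checked end to end by the resource server. The program below is an added illustration written for this archive page, not code from draft-zhou-oauth-owner-auth or from either poster; it assumes Ed25519 keys, a JSON encoding of the delegation statement as the signed bytes, and a deliberately simple rule that the delegated scope must equal the requested action.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Delegation is the statement the resource owner (RO) signs: which client
// key is authorised, for what, and until when. Field order is fixed, so the
// JSON encoding is stable enough to serve as the signed byte string here.
type Delegation struct {
	ClientPub []byte `json:"client_pub"`
	Scope     string `json:"scope"`
	Expires   int64  `json:"expires"` // unix seconds
}

// Request is what reaches the resource server: the RO-signed delegation
// plus the client's own signature over (delegation || action).
type Request struct {
	Delegation    Delegation
	DelegationSig []byte // RO signature over canonical(Delegation)
	Action        string
	ClientSig     []byte // client signature over canonical(Delegation)+Action
}

func canonical(d Delegation) []byte {
	b, _ := json.Marshal(d) // cannot fail for this struct
	return b
}

// signedMessage builds a fresh buffer so no caller's slice is aliased.
func signedMessage(d Delegation, action string) []byte {
	db := canonical(d)
	msg := make([]byte, 0, len(db)+len(action))
	return append(append(msg, db...), action...)
}

// issueDelegation is the RO's step: it binds the client's public key to a scope and lifetime.
func issueDelegation(roPriv ed25519.PrivateKey, clientPub ed25519.PublicKey,
	scope string, ttl time.Duration, now time.Time) (Delegation, []byte) {
	d := Delegation{ClientPub: clientPub, Scope: scope, Expires: now.Add(ttl).Unix()}
	return d, ed25519.Sign(roPriv, canonical(d))
}

// signRequest is the client's step: it signs with its own key and attaches the warrant.
func signRequest(clientPriv ed25519.PrivateKey, d Delegation, dsig []byte, action string) Request {
	return Request{Delegation: d, DelegationSig: dsig, Action: action,
		ClientSig: ed25519.Sign(clientPriv, signedMessage(d, action))}
}

// verifyRequest is the resource server's check. Only the RO's public key is
// trusted a priori; the client's key is accepted solely because the RO vouched for it.
func verifyRequest(roPub ed25519.PublicKey, r Request, now time.Time) error {
	if !ed25519.Verify(roPub, canonical(r.Delegation), r.DelegationSig) {
		return errors.New("delegation is not signed by the trusted resource owner")
	}
	if now.Unix() > r.Delegation.Expires {
		return errors.New("delegation has expired")
	}
	if r.Delegation.Scope != r.Action {
		return errors.New("requested action is outside the delegated scope")
	}
	if len(r.Delegation.ClientPub) != ed25519.PublicKeySize {
		return errors.New("delegation carries a malformed client key")
	}
	if !ed25519.Verify(ed25519.PublicKey(r.Delegation.ClientPub), signedMessage(r.Delegation, r.Action), r.ClientSig) {
		return errors.New("request is not signed by the delegated client")
	}
	return nil
}

// Demo runs the honest flow and four rejection cases; every error is returned so it can be checked.
func Demo() map[string]error {
	now := time.Unix(1354525317, 0) // constructed fixed clock for reproducibility
	roPub, roPriv, _ := ed25519.GenerateKey(rand.Reader)
	clientPub, clientPriv, _ := ed25519.GenerateKey(rand.Reader)
	impPub, impPriv, _ := ed25519.GenerateKey(rand.Reader) // party with no delegation

	d, dsig := issueDelegation(roPriv, clientPub, "pickup", time.Hour, now)
	fd, fsig := issueDelegation(impPriv, impPub, "pickup", time.Hour, now) // self-issued "delegation"

	return map[string]error{
		"valid":    verifyRequest(roPub, signRequest(clientPriv, d, dsig, "pickup"), now),
		"forged":   verifyRequest(roPub, signRequest(impPriv, fd, fsig, "pickup"), now),
		"stolen":   verifyRequest(roPub, signRequest(impPriv, d, dsig, "pickup"), now), // real warrant, wrong key
		"scope":    verifyRequest(roPub, signRequest(clientPriv, d, dsig, "transfer"), now),
		"expired":  verifyRequest(roPub, signRequest(clientPriv, d, dsig, "pickup"), now.Add(2*time.Hour)),
	}
}

func main() {
	for name, err := range Demo() {
		fmt.Printf("%-8s %v\n", name, err)
	}
}
```

The point the check makes explicit is that the resource server never needs a prior relationship with the client: the RO's signature over the client's public key is the delegation, and the client's signature over the same bytes proves possession of that key, so a stolen warrant without the matching private key, or a warrant the delegate wrote for itself, fails at one of the two verifications.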



> My use case is indeed similar to assertion flow "section 6.3. 
> Client Acting on Behalf of a User".
> Differences are:
> 1.  if my use case is carried out in assertion framework, "principal"
> should be client, while assertion document does not 
> include client as an option when client is acting on behalf of a 
> user (resource owner), it says " an authorized accessor for which the 
> access token is being requested (typically the resource owner, or 
> an authorized delegate)."
> 2.  if my use case is carried out in assertion framework, "issuer" 
> should be resource owner, while assertion document only includes 
> client and token service 
> 
> In my use case the "assertion" is more like a private output, while 
> in assertion flow "assertion" is generated by a third party token 
> service or by client itself.
> 
> Nat Sakimura <sakimura@gmail.com> 
> 2012-12-03 14:44
> 
> To
> 
> zhou.sujing@zte.com.cn
> 
> Cc
> 
> "oauth@ietf.org WG" <oauth@ietf.org>
> 
> Subject
> 
> Re: Re: [OAUTH-WG] Hi,any comment on draft-zhou-oauth-owner-auth?
> 
> Your use case sounds a little bit like the assertion flow. 
> The RO issues an assertion and the rest goes. 
> Are there reasons that an assertion flow cannot do this? 
> 
> Nat

> On Mon, Dec 3, 2012 at 3:35 PM, <zhou.sujing@zte.com.cn> wrote:
> my use case (RO-initiated delegation): 
> -I deposit my child (precious resource) at kindergarten (Resource Server) 
> -I delegate a few persons, e.g., grandparents of my child, to pick up
> my child at the kindergarten 
> -when someone tries to take him outside of the kindergarten, the 
> teacher will ask him/her to show my delegation 
> statement; no statement, no taking my child. 
> 

> 
> -- 
> Nat Sakimura (=nat)
> Chairman, OpenID Foundation
> http://nat.sakimura.org/
> @_nat_en